update newsite

2023-04-25 10:48:21 -05:00
parent 392b7e0cf3
commit 60b7647cdb
3 changed files with 77 additions and 44 deletions


@@ -1,6 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
VERS='4.2.34-04242023' VERS='4.3.1-04252023'
NODETYPES=MYSQL,LB,WEB,NC,WPD,LPD,PW NODETYPES=MYSQL,LB,WEB,NC,WPD,LPD,PW
#NODETYPES=WPD,LPD,PW #NODETYPES=WPD,LPD,PW
MYSQLHOSTS=10.10.1.51,10.10.1.52 MYSQLHOSTS=10.10.1.51,10.10.1.52


@@ -707,11 +707,11 @@ CHECK_DOCKER_SERVICES(){
} }
NEWCERT(){ NEWCERT(){
echo "" echo
if [ -z ${1+x} ]; then if [ -z ${1+x} ]; then
echo -e -n "${idsCL[LightCyan]}Create certificate for what address: ${idsCL[Default]}" echo -e -n "${idsCL[LightCyan]}Create certificate for what address: ${idsCL[Default]}"
read NEW_CERT read NEW_CERT
echo "" echo
else else
NEW_CERT=${1} NEW_CERT=${1}
fi fi
@@ -735,12 +735,12 @@ NEWCERT(){
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}" # echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
# echo # echo
$CERT_DAEMON certonly --webroot -w /var/www/html -d ${NEW_CERT} sudo -iu le $CERT_DAEMON certonly --certonly -d ${NEW_CERT}
# $CERT_DAEMON certonly --dry-run --webroot -w /var/www/html -d ${NEW_CERT} # $CERT_DAEMON certonly --dry-run --webroot -w /var/www/html -d ${NEW_CERT}
if [ -f /etc/letsencrypt/live/${MAIN_CERT}/cert.pem ]; then if [ -f /etc/letsencrypt/live/${MAIN_CERT}/cert.pem ]; then
chown -R root:letsencrypt /etc/letsencrypt # chown -R root:letsencrypt /etc/letsencrypt
chmod -R 6775 /etc/letsencrypt # chmod -R 6775 /etc/letsencrypt
if [ -f /etc/nginx/sites-available/${MAIN_CERT} ]; then if [ -f /etc/nginx/sites-enabled/${MAIN_CERT} ]; then
rm -f ${FOLDER}/cert-request.lastrun rm -f ${FOLDER}/cert-request.lastrun
daterun=`date +%Y-%m-%d-%H-%M-%S` daterun=`date +%Y-%m-%d-%H-%M-%S`
echo -e "${NEW_CERT}\n${daterun}" > ${FOLDER}/cert-request.lastrun echo -e "${NEW_CERT}\n${daterun}" > ${FOLDER}/cert-request.lastrun
@@ -1287,7 +1287,6 @@ NEWSITE(){
-proxy_host) PROXYHOST=${2};; -proxy_host) PROXYHOST=${2};;
-proxy_port) PROXYPORT=${2};; -proxy_port) PROXYPORT=${2};;
-h | -help | --help) -h | -help | --help)
echo "Missing arguments"
echo "" echo ""
echo -e "Usage: ${idsCL[Yellow]}nodemgmt newcert${idsCL[Default]} {" echo -e "Usage: ${idsCL[Yellow]}nodemgmt newcert${idsCL[Default]} {"
width=33 width=33
@@ -1344,9 +1343,43 @@ NEWSITE(){
read PROXYSCHEME read PROXYSCHEME
showdivide=yes showdivide=yes
fi fi
if [ -z ${WEBOSCKET+x} ]; then
echo -e -n "${idsCL[LightCyan]}Enable Weboscket Support (y/N): ${idsCL[Default]}"
read WEBOSCKET
showdivide=yes
if [[ ${WEBOSCKET} =~ ^[Nn]$ ]] || [ "${WEBOSCKET}" = "" ]; then
WEBOSCKET=no
elif [[ ${WEBOSCKET} =~ ^[Yy]$ ]]; then
WEBOSCKET=yes
else
WEBOSCKET=no
fi
fi
if [ -z ${HSTS+x} ]; then
echo -e -n "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
read HSTS
showdivide=yes
if [[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]; then
HSTS=yes
else
HSTS=no
fi
fi
if [ -z ${EXPLOITS+x} ]; then
echo -e -n "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
read EXPLOITS
showdivide=yes
if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
EXPLOITS=no
elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
EXPLOITS=yes
else
EXPLOITS=no
fi
fi
fi fi
if [ "${showdivide}" = "yes" ]; then DIVIDER; fi [ "${showdivide}" == "yes" ] && DIVIDER
echo "" echo
width=14 width=14
printf "%-${width}s: %s\n" "New site" "${NEW_SITE}" printf "%-${width}s: %s\n" "New site" "${NEW_SITE}"
printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}" printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}"
@@ -1355,6 +1388,9 @@ NEWSITE(){
printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}" printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}"
printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}" printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}"
printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}" printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}"
printf "%-${width}s: %s\n" "Websocket Support" "${WEBOSCKET}"
printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
fi fi
echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} " echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
read response read response
@@ -1376,6 +1412,8 @@ NEWSITE(){
if [ "${GO}" = "true" ]; then if [ "${GO}" = "true" ]; then
echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}" echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
echo "" echo ""
######################################### LOCAL
if [ "${SITE_TYPE}" = "local" ]; then if [ "${SITE_TYPE}" = "local" ]; then
echo -e "server { echo -e "server {
listen 80;" > /etc/nginx/sites-available/${MAIN_SITE} listen 80;" > /etc/nginx/sites-available/${MAIN_SITE}
@@ -1438,40 +1476,27 @@ NEWSITE(){
# SET-PERMISSIONS ${MAIN_SITE} # SET-PERMISSIONS ${MAIN_SITE}
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}" # echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
else
echo -e "server {
set \$forward_scheme ${PROXYSCHEME}; ######################################### PROXY
set \$server \"${PROXYHOST}\"; else
set \$port ${PROXYPORT}; [ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d/include/websocket-support.conf;" || WEBSOCKET=""
[ "${HSTS}" == "yes" ] && HSTS="include conf.d/include/hsts-support.conf;" || HSTS=""
listen 80;" > /etc/nginx/sites-available/${MAIN_SITE} [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d/include/block-exploits.conf;" || EXPLOITS=""
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " listen 443 ssl http2;" >> /etc/nginx/sites-available/${MAIN_SITE} cp ${FOLDER}/templates/nginx.proxy.site /etc/nginx/ites-enabled/${MAIN_SITE}
fi sed -i "s/<<HOSTNAME>>/${MAIN_SITE}/g" /etc/nginx/ites-enabled/${MAIN_SITE}
echo -e " sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" /etc/nginx/ites-enabled/${MAIN_SITE}
server_name ${NGINX_SERVERNAME};" >> /etc/nginx/sites-available/${MAIN_SITE} sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" /etc/nginx/ites-enabled/${MAIN_SITE}
if [ "${CREATE_SSL}" = "yes" ]; then sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" /etc/nginx/ites-enabled/${MAIN_SITE}
echo -e " sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" /etc/nginx/ites-enabled/${MAIN_SITE}
include conf.d/include/letsencrypt-acme-challenge.conf; sed -i "s/<<HSTS>>/${HSTS}/g" /etc/nginx/ites-enabled/${MAIN_SITE}
include conf.d/include/ssl-ciphers.conf; sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" /etc/nginx/ites-enabled/${MAIN_SITE}
ssl_certificate /etc/letsencrypt/live/${MAIN_SITE}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/privkey.pem;" >> /etc/nginx/sites-available/${MAIN_SITE}
fi
echo -e "
access_log /var/log/nginx/proxy-${MAIN_SITE}.log proxy;
location / {" >> /etc/nginx/sites-available/${MAIN_SITE}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " include conf.d/include/force-ssl.conf;" >> /etc/nginx/sites-available/${MAIN_SITE}
fi
echo -e " include conf.d/include/proxy.conf;
}
}
" >> /etc/nginx/sites-available/${MAIN_SITE}
fi fi
ln -s /etc/nginx/sites-available/${MAIN_SITE} /etc/nginx/sites-enabled/${MAIN_SITE}
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
NEWCERT ${NEW_SITE} NEWCERT ${NEW_SITE}
fi fi
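Review bot: Every target path written at L124–L131 is `/etc/nginx/ites-enabled/${MAIN_SITE}` (missing the `s` of `sites-enabled`), so the `cp` and all seven `sed -i` calls fail, and with the L146 symlink removed nothing creates the enabled site at all. Even with the path fixed, the values assigned at L120–L122 contain `/`, the same character used as the `s/…/…/g` delimiter at L129–L131, so those three substitutions error out; and the prompt stores its answer in `WEBOSCKET` (L55–L66, L99) while L120 tests `WEBSOCKET`, so websocket support is never enabled. `MAIN_SITE`, `PROXYHOST`, `PROXYPORT` and `PROXYSCHEME` are interactive input spliced unquoted and unescaped into sed expressions and file paths; treat them as injection and either validate them against a hostname/port pattern or escape them before use, as below. NEWSITE starts and ends outside the hunk.
```bash
######################################### PROXY
else
  # Escape a user-supplied value for use in a sed s||| expression ('|' delimiter, '&', '\').
  sed_escape() { printf '%s' "$1" | sed -e 's/[\\|&]/\\&/g'; }
  site_conf="/etc/nginx/sites-enabled/${MAIN_SITE}"
  # Prompt answers are stored in WEBOSCKET/HSTS/EXPLOITS; map yes -> include line, anything else -> empty.
  if [ "${WEBOSCKET}" = "yes" ]; then WEBSOCKET="include conf.d/include/websocket-support.conf;"; else WEBSOCKET=""; fi
  if [ "${HSTS}" = "yes" ]; then HSTS="include conf.d/include/hsts-support.conf;"; else HSTS=""; fi
  if [ "${EXPLOITS}" = "yes" ]; then EXPLOITS="include conf.d/include/block-exploits.conf;"; else EXPLOITS=""; fi

  cp -- "${FOLDER}/templates/nginx.proxy.site" "${site_conf}"
  # One sed pass; '|' as delimiter because the include lines contain '/'.
  sed -i \
    -e "s|<<HOSTNAME>>|$(sed_escape "${MAIN_SITE}")|g" \
    -e "s|<<PROXY_IP>>|$(sed_escape "${PROXYHOST}")|g" \
    -e "s|<<PROXY_PORT>>|$(sed_escape "${PROXYPORT}")|g" \
    -e "s|<<PROXY_SCHEME>>|$(sed_escape "${PROXYSCHEME}")|g" \
    -e "s|<<WEBSOCKET>>|${WEBSOCKET}|g" \
    -e "s|<<HSTS>>|${HSTS}|g" \
    -e "s|<<EXPLOITS>>|${EXPLOITS}|g" \
    -- "${site_conf}"
fi
# … unchanged: CREATE_SSL check and NEWCERT call …
```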


@@ -10,12 +10,19 @@ server {
include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf; include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/<<HOSTNAME>>/fullchain.pem; ssl_certificate /opt/lb-data/letsencrypt/live/<<HOSTNAME>>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<<HOSTNAME>>/privkey.pem; ssl_certificate_key /opt/lb-data/letsencrypt/live/<<HOSTNAME>>/privkey.pem;
access_log /var/log/nginx/proxy-<<HOSTNAME>>.log proxy; access_log /var/log/nginx/<<HOSTNAME>>.proxy.log proxy;
error_log /var/log/nginx/<<HOSTNAME>>.error.log warn;
<<EXPLOITS>>
<<WEBSOCKET>>
<<HSTS>>
location / { location / {
<<WEBSOCKET>>
<<HSTS>>
include conf.d/include/force-ssl.conf; include conf.d/include/force-ssl.conf;
include conf.d/include/proxy.conf; include conf.d/include/proxy.conf;
} }
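Review bot: `<<WEBSOCKET>>` and `<<HSTS>>` now appear both at server level (L161–L162) and inside `location /` (L164–L165); the script's `sed … /g` substitutions replace every occurrence, so each include is emitted twice, and presumably only one context is intended — which one depends on the directives inside `websocket-support.conf` and `hsts-support.conf`, so confirm against those files and drop the other pair. The certificate paths moved to `/opt/lb-data/letsencrypt/live/<<HOSTNAME>>/` (L156–L157), but the NEWCERT hunk in the script still tests `/etc/letsencrypt/live/${MAIN_CERT}/cert.pem` and invokes certbot without a matching config directory, so unless `/opt/lb-data/letsencrypt` is the same location by mount or symlink, nginx will reference files the script never creates. The `server {` block opens above the hunk.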